In the past week, I’ve refrained from posting any new articles on my blog. It turns out that there was some nasty malicious code that was somehow inserted into the blog. It took me nearly 15 hours to clean it all out and ensure that the site was safe to visit. Until it was safe, I didn’t want anyone coming and suffering the consequences. If you’re interested in what happened and what I did, keep reading; otherwise, you can be assured that it’s safe to surf the blog once again.
Several people notified me that the blog was infected with malicious code. My first reaction, since I didn’t know what I was looking for, was to do a Google search for “malicious code wordpress.” It was here that I discovered what was going on. The website dconstructing.com had a detailed entry as to what the problem might be. I read the article carefully, noting what I should be looking for. Sure enough, several hundred of my .php files were infected.
Every single one of them had the eval(base64_decode command that tells PHP to decode a string of numbers and letters as if it were PHP code. The key thing here is that this can be good and bad. WordPress doesn’t do this with its PHP code, so I was sure it was bad. Very bad.
- I manually cleaned out every single .php file.
- I deleted any user that hadn’t made a post to my blog.
- I changed my password.
- I learned how to reset all my keys.
- I checked everything again.
- I signed up for Comodo’s SiteInspector. This program will scan up to three pages per day to check and see if there is any malicious code on your site.
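A sweep for the eval(base64_decode marker described above can be scripted, both to find the infected .php files and to re-check the tree after cleanup. The following is an added example, not the author's own tooling; the function names, the sample directory layout and the harmless sample payload are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches eval(base64_decode( with optional whitespace, any letter case,
# and an optional @ error-suppression prefix on base64_decode.
PATTERN = re.compile(rb"eval\s*\(\s*@?\s*base64_decode\s*\(", re.IGNORECASE)

def scan_php_tree(root):
    """Return sorted (relative_path, line_number) pairs for every hit."""
    root = Path(root)
    hits = []
    for path in root.rglob("*.php"):
        if not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip here, review by hand
        for m in PATTERN.finditer(data):
            line = data.count(b"\n", 0, m.start()) + 1
            hits.append((path.relative_to(root).as_posix(), line))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample files; the base64 string decodes to a PHP comment."""
    root = Path(root)
    (root / "wp-content").mkdir(parents=True)
    (root / "index.php").write_text("<?php\nrequire 'wp-blog-header.php';\n")
    (root / "wp-content" / "theme.php").write_text(
        "<?php eval(base64_decode('Ly8gcGxhY2Vob2xkZXI=')); ?>\n<?php get_header(); ?>\n")
    (root / "wp-content" / "spaced.php").write_text(
        "<?php\n\nEVAL ( Base64_Decode (\n'Ly8gcGxhY2Vob2xkZXI=') );\n")
    # Non-PHP file mentioning the string: outside the *.php sweep.
    (root / "readme.txt").write_text("eval(base64_decode( mentioned in docs\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, line in scan_php_tree(tmp):
            print(f"{rel}:{line}")
```

The sweep only finds this one marker in files ending in .php, so an empty result does not show that a site is clean, and each hit still needs a manual look before the file is edited or replaced.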
My blog is more secure now, hopefully preventing another occurrence. I apologize for any inconvenience this may have caused folks and I’ll continue to monitor the site very closely.